Mr. Towns introduced
the following bill; which was referred to the
Committee on Oversight and Government
Reform

A BILL

To require the Director of the Office of Management and
Budget to issue guidance on the use of peer-to-peer file sharing software to
prohibit the personal use of such software by Government employees, and for
other purposes.

1.

Short title

This Act may be cited as the
Secure Federal File Sharing
Act.

2.

Requirements

(a)

Updated guidance
on use of certain software programs

Not later than 90 days after
the date of the enactment of this Act, the Director of the Office of Management
and Budget, after consultation with the Federal Chief Information Officers
Council, shall issue guidance on the use of peer-to-peer file sharing
software—

(1)

to prohibit the
download, installation, or use by Government employees and contractors of
open-network peer-to-peer file sharing software on all Federal computers,
computer systems, and networks, including those operated by contractors on the
Government’s behalf, unless such software is approved in accordance with
procedures under subsection (b); and

(2)

to address the download, installation, or
use by Government employees and contractors of such software on home or
personal computers as it relates to telework and remotely accessing Federal
computers, computer systems, and networks, including those operated by
contractors on the Government’s behalf.

(b)

Approval process
for certain software programs

Not later than 90 days after the
date of the enactment of this Act, the Director of the Office of Management and
Budget shall develop a procedure by which the Director, in consultation with
the Chief Information Officer, may receive requests from heads of agencies or
chief information officers of agencies for approval for use by Government
employees and contractors of specific open-network peer-to-peer file sharing
software programs that are—

(1)

necessary for the
day-to-day business operations of the agency;

(2)

instrumental in
completing a particular task or project that directly supports the agency’s
overall mission;

(3)

necessary for use
between, among, or within Federal, State, or local government agencies in order
to perform official agency business; or

(4)

necessary for use
during the course of a law enforcement investigation.

(c)

Agency
responsibilities

Not later
than 180 days after the date of enactment of this Act, the Director of the
Office of Management and Budget shall—

(1)

direct agencies to
establish or update personal use policies of the agency to be consistent with
the guidance issued pursuant to subsection (a);

(2)

direct agencies to
require any contract awarded by the agency to include a requirement that the
contractor comply with the guidance issued pursuant to subsection (a) in the
performance of the contract;

(3)

direct agencies to
update their information technology security or ethics training policies to
ensure that all employees, including those working for contractors on the
Government’s behalf, are aware of the requirements of the guidance required by
subsection (a) and the consequences of engaging in prohibited conduct;
and

(4)

direct agencies to
ensure that proper security controls are in place to prevent, detect, and
remove file sharing software that is prohibited by the guidance issued pursuant
to subsection (a) from all Federal computers, computer systems, and networks,
including those operated by contractors on the Government’s behalf.

3.

Annual
report

Not later than one
year after the date of the enactment of this Act, and annually thereafter, the
Director of the Office of Management and Budget shall submit to the Committee
on Oversight and Government Reform of the House of Representatives and the
Committee on Homeland Security and Governmental Affairs of the Senate a report
on the implementation of this Act, including—

(1)

a
justification for each open-network peer-to-peer file sharing software program
that is approved pursuant to subsection (b); and

(2)

an inventory of
the agencies where such programs are being used.

4.

Definitions

In this Act:

(1)

Agency

The
term agency has the meaning provided the term Executive
agency by section 105 of title 5, United States Code.

(2)

Open-network

The
term open-network, with respect to software, means a network in
which—

(A)

access is granted
freely, without limitation or restriction; or

(B)

there are little
or no security measures in place.

(3)

Peer-to-peer
file sharing software

The term peer-to-peer file sharing
software—

(A)

means a program, application, or software
that is commercially marketed or distributed to the public and that
enables—

(i)

a file or files on the computer on which
such program is installed to be designated as available for searching and
copying to one or more other computers;

(ii)

the
searching of files on the computer on which such program is installed and the
copying of any such file to another computer—

(I)

at the initiative of such other computer
and without requiring any action by an owner or authorized user of the computer
on which such program is installed; and

(II)

without requiring
an owner or authorized user of the computer on which such program is installed
to have selected or designated another computer as the recipient of any such
file; and

(iii)

an owner or authorized user of the computer
on which such program is installed to search files on one or more other
computers using the same or a compatible program, application, or software, and
copy such files to such owner or user’s computer; and

(B)

does not include a program, application, or
software designed primarily—

(i)

to
operate as a server that is accessible over the Internet using the Internet
Domain Name system;